If, like me, you manage one or more Joomla websites, you will no doubt be aware of the sorry lack of user-friendly documentation and the appalling lack of a powerful native log facility. This seems to me to be an enormous oversight on the part of the developers; however, it is possible with a little jiggery-pokery to get the information you need.

I noticed recently that there were enormous numbers (1500 per day) of failed login attempts at the default backend URL (site.com/administrator/). This is to be expected of any installation like this; however, one cannot help but feel uneasy at the incessant minute-by-minute brute force dictionary attacks rolling by in the log. If your passwords are secure then you'll almost certainly be fine. If your administrator username is anything but admin, you'll be even better. Still, I wasn't satisfied and I decided to call in the big guns.

When it comes to defence against brute force attacks, few tools are better than Fail2ban. In the words of Wikipedia:

"Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper."

It really is a great tool for defending against the legions of casual script kiddies.

So, to work. I needed to configure F2B to ban anybody (any address) which appeared regularly in the log as having failed authentication. First I needed to find the logs.

It turns out that the logs are to be found at System > Global Configuration > System > Path to Log Folder. On my system this was in ~mysite/administrator/logs. Who knew!

Armed with this information it was time to set up F2B.

I already had F2B set up covering such things as sendmail and sshd so it was just a matter of adding support for a new service. I won't go into detail about setting up F2B from scratch as there are plenty of good guides out there covering that.

It was the paucity of guides covering the addition of a service to F2B, however, which prompted me to write this post. There just doesn't seem to be one which is set out properly and logically, so I'll do my best to cover it here.

First, it is necessary to navigate to /etc/fail2ban/filter.d/ and create a new filter file to protect Joomla. I called mine joomla-login.conf and its contents are shown below.

```ini
# Fail2Ban configuration file
#
# Author: Paula Livingstone
# Rule by : Paula Livingstone

[Definition]

# pattern(s):
#2018-10-12T09:23:16+00:00 INFO 185.206.225.144 joomlafailure Username and password do not match or you do not have an account yet. ("admin")

# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# OPTIMISED REGEX (good for J1.5 - J2.5 - J3.xx)
failregex = ^\tINFO\ <HOST>\tjoomlafailure\tUsername and password do not match or you do not have an account yet.*$
```

This file tells F2B the makeup of the lines in the log and, by using a regular expression, enables it to pick out the failed login lines and parse from each one the address (the <HOST> tag) that made the attempt.
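The matching described above can be checked offline. The following is an added example, not the author's code or part of Fail2ban: it expands `<HOST>` with the alias quoted in the filter's comments, strips the leading timestamp as Fail2ban does before applying `failregex`, and runs the result over constructed log lines whose tab and space separators are assumed from the regex itself.

```python
import re
from collections import Counter

# failregex copied verbatim from joomla-login.conf above.
FAILREGEX = (r"^\tINFO\ <HOST>\tjoomlafailure\tUsername and password do not "
             r"match or you do not have an account yet.*$")
# <HOST> expanded with the alias quoted in the filter's comments (assumption:
# current Fail2ban releases use a more elaborate pattern that also covers IPv6).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
COMPILED = re.compile(FAILREGEX.replace("<HOST>", HOST))
# Fail2ban removes the timestamp it recognises before applying failregex,
# which is why the filter starts at the tab that follows the timestamp.
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}")

def failed_host(line):
    """Return the client address of a failed-login line, or None."""
    rest = TIMESTAMP.sub("", line.rstrip("\n"), count=1)
    match = COMPILED.match(rest)
    return match.group("host") if match else None

def tally(lines):
    """Count failed logins per client address (what a jail compares to maxretry)."""
    return Counter(h for h in map(failed_host, lines) if h)

MSG = "Username and password do not match or you do not have an account yet."
# Constructed sample lines. Separators follow the regex: tab, "INFO", space,
# address, tab, category, tab, message.
SAMPLE = [
    # The filter's own example line, with tabs restored; logged twice.
    f'2018-10-12T09:23:16+00:00\tINFO 185.206.225.144\tjoomlafailure\t{MSG} ("admin")',
    f'2018-10-12T09:23:19+00:00\tINFO 185.206.225.144\tjoomlafailure\t{MSG} ("admin")',
    # A different log category must not count as a failure.
    '2018-10-12T09:24:01+00:00\tINFO 192.0.2.10\tothercategory\tSome other message',
    # Address-like text in the username field: the host still comes from the
    # client-address field, because the regex is anchored at the line start.
    f'2018-10-12T09:25:40+00:00\tINFO 198.51.100.7\tjoomlafailure\t{MSG} ("203.0.113.9")',
    # The same line flattened to spaces (as when pasted from a web page): no match.
    f'2018-10-12T09:23:16+00:00 INFO 185.206.225.144 joomlafailure {MSG} ("admin")',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(repr(failed_host(line)), "<-", line[:70].replace("\t", "\\t"))
    print(dict(tally(SAMPLE)))
```

The last sample line is the practical gotcha: a log line copied with its tabs converted to spaces will not match this filter, so test against the real log file rather than pasted text.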

Having completed this, we now need to add an entry to our jail.local file which can be found at /etc/fail2ban/jail.local. Within this file we add the following:
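The jail entry itself is not shown on this page. An example of such an entry follows, added here and not the author's own: the log path, the file name (`error.php`, assumed to be the file Joomla writes failed logins to), the ports and the thresholds are all assumptions to adjust for your site.

```ini
[joomla-login]
enabled  = true
# Must match the filter file created in /etc/fail2ban/filter.d/ (joomla-login.conf)
filter   = joomla-login
# Assumed path: the Joomla log folder from Global Configuration; file name assumed
logpath  = /path/to/mysite/administrator/logs/error.php
port     = http,https
# Assumed thresholds: ban after 5 failures within 10 minutes, for 1 hour
maxretry = 5
findtime = 600
bantime  = 3600
```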

So, all that remained was to restart the F2B service and watch the attackers get banned. F2B has the facility to send an email each time it carries out a given action, so it is no great shakes to set this up and watch the fireworks.

As the world's journey through the second industrial (Internet) revolution carries on apace, today's businesses face an emerging challenge. Unless your company has its own "in-house" network professionals, it is likely that the demands the Internet places on your business, whilst clearly a massive opportunity, are also the source of what can seem like spiralling overhead costs in terms of personnel and knowledge.

Back in the mists of history during the first industrial revolution, the electric light bulb was causing a stir. The new technology was clearly a fantastic opportunity for businesses of the time to increase productivity and improve working conditions. It was basically a newfangled technology which could enable businesses to "work smarter". Now where have we heard that before?

The first electricity installation companies were small bands of highly educated and highly paid technical aficionados who were evangelists of the technology rather than being more akin to the matter-of-fact electricians of today. The technology has nowadays moved from invention to commodity to utility and that process probably took 10 to 20 years to fully complete. There are a lot of parallels that can be drawn between that revolution and this one.

Here's one cast iron fact. Businesses today need networks. Whether it is to connect their towering office blocks in each corner of the world into one great corporate network or just to connect their office computers to their printer and the internet to read their emails, they all need their networks. We have tried to think of one single business that wouldn't put itself at a disadvantage in today's world by ignoring everything related to the internet, such as emails and websites, and we have failed. From the sole trader window cleaner to the corporate giant, all of them now need their networks.

The technology is now moving into the realms of utility rather than being "a great new invention". Nowadays your average Granny in Scotland is just as likely to switch on the laptop as they are to switch on their central heating. OK, that's a dubious fact, I'll concede, but you get the picture. The world has changed forever and the Scottish business community as well as the residential community now need their networks. The technology is now thought of more like a central heating boiler than the Hubble telescope to the average consumer. They just want it to work.

Today's networks now need plumbers. Today's Scottish businesses now need network plumbers and not the techie evangelist types of the last 10-20 years. They need matter-of-fact network tradespeople who they can call upon to get things working properly when they aren't. They don't need an in-house plumbing enthusiast who does plumbing for a hobby and thinks they're a bit handy with a pipe bender, and they certainly don't need a plumbing department full of plumbers in their overalls ready to fix a boiler at a moment's notice.

OK, we've stretched the plumbing analogy a little too far here but I believe the point is made. When it comes to network plumbing and you need the system to just work, when you need a no-nonsense expert in the trade to advise you on the best systems for your requirements or just to make your existing systems do the job that you need them to do for you, day in, day out, give us a call at Rustyice Solutions. The network plumbers.